Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread webmaster 

Quoting Noel Jones :


David Cottle wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Noel,

Yes please!  But can you tell me how to do this...  I really don't
want to bounce the spam at all.  I am using postfix 2.6, I built the
rpm from source.

Many thanks!,
David

Here is my main.cf (abbreviated I show only activated options)



[[Please don't top post.
Please show "postconf -n" rather than random main.cf snips.
Please show related logging.]]


You'll need to investigate where your bounces are coming from by
examining your log - find out why postfix generated a bounce.
Start by searching your logfile for the QUEUEID displayed by the
"mailq" command.

The "usual" source of unwanted bounces is accepting mail for
undeliverable recipients rather than rejecting such mail during SMTP.
The postfix method of recipient validation depends on the address class
of the recipient domain.
http://www.postfix.org/ADDRESS_CLASS_README.html

Also note that any address matched by virtual_alias_maps or
*canonical_maps is considered valid, so "@domain @domain" wildcard
mapping effectively disables recipient validation.


Please see
http://www.postfix.org/DEBUG_README.html
and especially
http://www.postfix.org/DEBUG_README.html#mail


--
Noel Jones



Hi Noel,

The mailq dump as requested:

-Queue ID- --Size-- Arrival Time -Sender/Recipient---
91B8113C0040 3168 Mon Jan 12 13:57:12  MAILER-DAEMON
(host mx1.atomz.com[64.191.197.46] said: 450 4.1.1 :  
Recipient address rejected: User unknown in relay recipient table (in  
reply to RCPT TO command))

 ben...@atomz.com

AF41E13C0042 2849 Mon Jan 12 14:58:09  MAILER-DAEMON
(connect to losxpertos.com[69.64.147.19]:25: Connection timed out)
 whirredfih0...@losxpertos.com

EC83913C0033 2710 Mon Jan 12 10:12:22  MAILER-DAEMON
   (connect to aimnona.com[66.79.162.22]:25: Connection timed out)
 r...@aimnona.com

8F54113C0028 2941 Mon Jan 12 09:20:39  MAILER-DAEMON
 (connect to mailno.opens.com[255.255.255.255]:25: Network is unreachable)
 tandcr...@opens.com

B831F13C003E 3039 Mon Jan 12 10:43:42  MAILER-DAEMON
(connect to mail.cfbnet.com[67.79.170.115]:25: Connection refused)
 donboe...@cfbnet.com

-- 18 Kbytes in 5 Requests.

postfix implementation in forum like application

2009-01-11 Thread vivek.agrawal 

hello everyone,
 below i have described my application requirments. I need your
comments/suggestion.

Current appilcation - I have a web application which works like a forum
only. only difference is that user can create some thread and only
restricted users related with that thread can send and recieve message. 

new requirment : 1. whenever user u1 will send a message to user u2 on a
thread t1 then a mail should send from thread t1's email id. to both the
user. 

2. recipent user u2 can reply to that mail by using their own mail
application (outlook, web base gui.). once user u2 has replied on that
message, replied message should get stored in my own web application
database. 

currently i am using ubuntu and java for application. Please let me know how
i can achive this functionality. 
-- 
View this message in context: 
http://www.nabble.com/postfix-implementation-in-forum-like-application-tp21409647p21409647.html
Sent from the Postfix mailing list archive at Nabble.com.

Re: smtp_helo_name ignored

2009-01-11 Thread David Cottle 



Sent from my iPhone

On 12/01/2009, at 15:36, Sahil Tandon  wrote:


On Mon, 12 Jan 2009, David Cottle wrote:


smtpd_banner = gateway.aus-city.com

I want the helo to say that name. I assume I drop the hostname and  
what

about the ESMTP?


I think you may be confused about the HELO; the smtpd_banner is  
simply what
follows the 220 when a client connects to your smtpd.  It is common  
practice
for servers that support ESMTP to indicate this in their banner; no  
harm in
leaving it there.  Although Postfix by default sends EHLO even if  
ESMTP does
not appear in the banner, some other MTAs might need to see ESMTP to  
know

your server supports it.

--
Sahil Tandon 


The top posting is what the iPhone does I tried manually forcing it to  
the bottom.


Okay I set myhostname = gateway.aus-city.com

Now it replies properly, bit it still fails RFC, I get this now (it's  
better as atleast now the name exists not a unknown server)


mail.aus-city.com claims to be host gateway.aus-city.com but that host  
is at 202.129.79.106 (may be cached) not 203.206.129.129


There are 28 domains on the server all on individual IPs.

Any solution or live with it? I assume it's much better having a real  
name rather than a non existent one?


Thanks for the help!

David

OT: iPhone replies

2009-01-11 Thread MacShane, Tracy 
> -Original Message-
> From: owner-postfix-us...@postfix.org 
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of MacShane, Tracy
> Sent: Monday, 12 January 2009 3:34 PM
> To: postfix-users@postfix.org
> Subject: RE: Re: smtp_helo_name ignored
> 
> Unfortunately, in a similar way to Blackberries, iPhones do 
> not permit bottom posting or in-line comments in reply to a 
> message. I for one wish they would fix it on a Blackberry, 
> which is supposed to be a *business* tool.
> 

Well, it turns out I'm talking through a hole in my head with regard to
iPhones. Apologies for the confusion!

Re: smtp_helo_name ignored

2009-01-11 Thread Sahil Tandon 
On Mon, 12 Jan 2009, David Cottle wrote:

> smtpd_banner = gateway.aus-city.com
>
> I want the helo to say that name. I assume I drop the hostname and what 
> about the ESMTP?

I think you may be confused about the HELO; the smtpd_banner is simply what 
follows the 220 when a client connects to your smtpd.  It is common practice
for servers that support ESMTP to indicate this in their banner; no harm in
leaving it there.  Although Postfix by default sends EHLO even if ESMTP does
not appear in the banner, some other MTAs might need to see ESMTP to know
your server supports it.

-- 
Sahil Tandon

RE: Re: smtp_helo_name ignored

2009-01-11 Thread MacShane, Tracy 
> -Original Message-
> From: owner-postfix-us...@postfix.org 
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Sahil Tandon
> Sent: Monday, 12 January 2009 3:20 PM
> To: postfix-users@postfix.org
> Subject: Spam: Re: smtp_helo_name ignored
> 
> On Mon, 12 Jan 2009, David Cottle wrote:
> 
> > So I should be using smtpd_helo_name to set the server helo name?
> 
> ...
> 
> For the umpteenth time, please stop top-posting.
> 


Unfortunately, in a similar way to Blackberries, iPhones do not permit
bottom posting or in-line comments in reply to a message. I for one wish
they would fix it on a Blackberry, which is supposed to be a *business*
tool.

Re: smtp_helo_name ignored

2009-01-11 Thread Sahil Tandon 
On Mon, 12 Jan 2009, David Cottle wrote:

> So I should be using smtpd_helo_name to set the server helo name?

All supported main.cf parameters are documented in the postconf(5) manual;
smtpd_helo_name is not one of them.

For the umpteenth time, please stop top-posting.

-- 
Sahil Tandon

Re: smtp_helo_name ignored

2009-01-11 Thread David Cottle 

Hi Noel,

I will send you the logs tonight re the bounces.

Okay the helo is this correct?

smtpd_banner = gateway.aus-city.com

I want the helo to say that name. I assume I drop the hostname and  
what about the ESMTP?


Thanks!

Sent from my iPhone

On 12/01/2009, at 14:29, Noel Jones  wrote:


David Cottle wrote:
I am running postfix on my mail server. The server uses a domain  
name in my local DNS that does not exist.

So to comply to RFC I used the smtp_helo_name = real.name.com
In my main.cf file.
But it does not work dnstools still reports that the helo is  
answering with the hostname, not my entry in main.cf so somthing is  
taking preference.
How do I fix this I simply want the helo to respond with what I  
specify and it will comply.

Thanks!
Sent from my iPhone



that parameter is used when you send mail (smtp) not when you  
receive mail (smtpd)


To change the greeting when you receive mail, please see
http://www.postfix.org/postconf.5.html#smtpd_banner
http://www.postfix.org/postconf.5.html#myhostname


--
Noel Jones

Re: smtp_helo_name ignored

2009-01-11 Thread David Cottle 

Hi Sahil,

Yes exactly!

So I should be using smtpd_helo_name to set the server helo name?

Thanks!
David

Sent from my iPhone

On 12/01/2009, at 14:26, Sahil Tandon  wrote:


David Cottle wrote:

I am running postfix on my mail server. The server uses a domain  
name in

my local DNS that does not exist.


Presumably, you refer to server.engineering.idb?

 % telnet mail.aus-city.com 25
 Trying 203.206.129.129...
 Connected to mail.aus-city.com.
 Escape character is '^]'.
 220 server.engineering.idb ESMTP Postfix


So to comply to RFC I used the smtp_helo_name = real.name.com


Altering this parameter impacts the Postfix *client*, not the  
server.  smtp

!= smtpd.

How do I fix this I simply want the helo to respond with what I  
specify

and it will comply.


Change the code or $myhostname. :-)

--
Sahil Tandon

Re: smtp_helo_name ignored

2009-01-11 Thread Noel Jones 

David Cottle wrote:
I am running postfix on my mail server. The server uses a domain name in 
my local DNS that does not exist.


So to comply to RFC I used the smtp_helo_name = real.name.com

In my main.cf file.

But it does not work dnstools still reports that the helo is answering 
with the hostname, not my entry in main.cf so somthing is taking 
preference.


How do I fix this I simply want the helo to respond with what I specify 
and it will comply.


Thanks!

Sent from my iPhone



that parameter is used when you send mail (smtp) not when you 
receive mail (smtpd)


To change the greeting when you receive mail, please see
http://www.postfix.org/postconf.5.html#smtpd_banner
http://www.postfix.org/postconf.5.html#myhostname


--
Noel Jones

Re: smtp_helo_name ignored

2009-01-11 Thread Sahil Tandon 
David Cottle wrote:

> I am running postfix on my mail server. The server uses a domain name in 
> my local DNS that does not exist.

Presumably, you refer to server.engineering.idb?

  % telnet mail.aus-city.com 25
  Trying 203.206.129.129...
  Connected to mail.aus-city.com.
  Escape character is '^]'.
  220 server.engineering.idb ESMTP Postfix

> So to comply to RFC I used the smtp_helo_name = real.name.com

Altering this parameter impacts the Postfix *client*, not the server.  smtp
!= smtpd.

> How do I fix this I simply want the helo to respond with what I specify 
> and it will comply.

Change the code or $myhostname. :-)

-- 
Sahil Tandon

Re: Postconf - for Noel

2009-01-11 Thread Noel Jones 

David Cottle wrote:



Sent from my iPhone


Out of context, this doesn't provide anything meaningful.

You need to examine your logs to see why postfix is bouncing 
messages, then provide *all* the information requested.


--
Noel Jones

Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread Noel Jones 

David Cottle wrote:

Hi Noel,

Thanks for your help!

I will firstly forward the postconf dump as requested.

I will have to forward as another message - will call it postconf as I 
am on my iPhone.


At least you can firstly look at that and perhaps find it is accepting 
during SMTP for undeliverable.


Many thanks!

David

Sent from my iPhone


Stop top posting - put your answers below the text you refer to.

smtp_helo_name ignored

2009-01-11 Thread David Cottle 
I am running postfix on my mail server. The server uses a domain name  
in my local DNS that does not exist.


So to comply to RFC I used the smtp_helo_name = real.name.com

In my main.cf file.

But it does not work dnstools still reports that the helo is answering  
with the hostname, not my entry in main.cf so somthing is taking  
preference.


How do I fix this I simply want the helo to respond with what I  
specify and it will comply.


Thanks!

Sent from my iPhone

Postconf - for Noel

2009-01-11 Thread David Cottle 



Sent from my iPhone


alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = all
local_recipient_maps = $virtual_mailbox_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 1024
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.5.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_send_xforward_command = yes
smtp_use_tls = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8
smtpd_client_restrictions = reject_rbl_client bl.spamcop.net,  
reject_rbl_client sbl-xbl.spamhaus.org
smtpd_recipient_restrictions = permit_mynetworks,  
permit_sasl_authenticated, reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = check_sender_access hash:/var/spool/ 
postfix/plesk/blacklists, reject_non_fqdn_sender,  
reject_unauthenticated_sender_login_mismatch

smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
transport_maps = hash:/var/spool/postfix/plesk/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/ 
virtual

virtual_gid_maps = static:31
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/ 
postfix/plesk/virtual_domains

virtual_mailbox_maps = hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:110

Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread David Cottle 

Hi Noel,

Thanks for your help!

I will firstly forward the postconf dump as requested.

I will have to forward as another message - will call it postconf as I  
am on my iPhone.


At least you can firstly look at that and perhaps find it is accepting  
during SMTP for undeliverable.


Many thanks!

David

Sent from my iPhone

On 12/01/2009, at 11:19, Noel Jones  wrote:


David Cottle wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Noel,
Yes please!  But can you tell me how to do this...  I really don't
want to bounce the spam at all.  I am using postfix 2.6, I built the
rpm from source.
Many thanks!,
David
Here is my main.cf (abbreviated I show only activated options)


[[Please don't top post.
Please show "postconf -n" rather than random main.cf snips.
Please show related logging.]]


You'll need to investigate where your bounces are coming from by  
examining your log - find out why postfix generated a bounce.
Start by searching your logfile for the QUEUEID displayed by the  
"mailq" command.


The "usual" source of unwanted bounces is accepting mail for  
undeliverable recipients rather than rejecting such mail during  
SMTP.  The postfix method of recipient validation depends on the  
address class of the recipient domain.

http://www.postfix.org/ADDRESS_CLASS_README.html

Also note that any address matched by virtual_alias_maps or  
*canonical_maps is considered valid, so "@domain @domain" wildcard  
mapping effectively disables recipient validation.



Please see
http://www.postfix.org/DEBUG_README.html
and especially
http://www.postfix.org/DEBUG_README.html#mail


--
Noel Jones

Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread Noel Jones 

David Cottle wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Noel,

Yes please!  But can you tell me how to do this...  I really don't
want to bounce the spam at all.  I am using postfix 2.6, I built the
rpm from source.

Many thanks!,
David

Here is my main.cf (abbreviated I show only activated options)



[[Please don't top post.
Please show "postconf -n" rather than random main.cf snips.
Please show related logging.]]


You'll need to investigate where your bounces are coming from 
by examining your log - find out why postfix generated a bounce.
Start by searching your logfile for the QUEUEID displayed by 
the "mailq" command.


The "usual" source of unwanted bounces is accepting mail for 
undeliverable recipients rather than rejecting such mail 
during SMTP.  The postfix method of recipient validation 
depends on the address class of the recipient domain.

http://www.postfix.org/ADDRESS_CLASS_README.html

Also note that any address matched by virtual_alias_maps or 
*canonical_maps is considered valid, so "@domain @domain" 
wildcard mapping effectively disables recipient validation.



Please see
http://www.postfix.org/DEBUG_README.html
and especially
http://www.postfix.org/DEBUG_README.html#mail


--
Noel Jones

Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread David Cottle 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Noel,

Yes please!  But can you tell me how to do this...  I really don't
want to bounce the spam at all.  I am using postfix 2.6, I built the
rpm from source.

Many thanks!,
David

Here is my main.cf (abbreviated I show only activated options)

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps = $virtual_mailbox_maps
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.5.6/samples
readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
inet_protocols = all
virtual_mailbox_domains = $virtual_mailbox_maps,
hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = hash:/var/spool/postfix/plesk/vmailbox
transport_maps = hash:/var/spool/postfix/plesk/transport
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_sender_restrictions = check_sender_access
hash:/var/spool/postfix/plesk/blacklists, reject_non_fqdn_sender,
reject_unauthenticated_sender_login_mismatch, reject_unknown_sender_domain
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
#smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unlisted_recipient, reject_unverified_recipient
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:110
virtual_gid_maps = static:31
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
smtpd_client_restrictions = reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl-xbl.spamhaus.org
message_size_limit = 1024



master.cf

#
==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
#
==
#submission inet n   -   n   -   -   smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps inet  n   -   n   -   -   smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628  inet  n   -   n   -   -   qmqpd
pickup fifo n - - 60 1 pickup -o content_filter=smtp:127.0.0.1:10027
cleanup   unix  n   -   n   -   0   cleanup
qmgr  fifo  n   -   n   300 1   qmgr
#qmgr fifo  n   -   n   300 1   oqmgr
tlsmgrunix  -   -   n   1000?   1   tlsmgr
rewrite   unix  -   -   n   -   -   trivial-rewrite
bounceunix  -   -   n   -   0   bounce
defer unix  -   -   n   -   0   bounce
trace unix  -   -   n   -   0   bounce
verifyunix  -   -   n   -   1   verify
flush unix  n   -   n   1000?   0   flush
proxymap  unix  -   -   n   -   -   proxymap
proxywrite unix -   -   n   -   1   proxymap
smtp  unix  -   -   n   -   -   smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX
loops
relay unix  -   -   n   -   -   smtp
-o smtp_fallback_relay=
#   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix  n   -   n   -   -   showq
error unix  -   -   n   -   -   error
retry unix  -   -   n   -   -   error
discard   unix  -   -   n   -   -   discard
local unix  -   n   n   -   -   local
virtual   unix  -   n   n   -   -   virtual
lmtp  unix  -   -   n   -   -   lmtp
anvil unix  -   -   n   -   1

Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread Noel Jones 

David Cottle wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I cant seem to stop these spam bounce emails.

smtpd_sender_restrictions = check_sender_access
hash:/var/spool/postfix/plesk/blacklists, reject_non_fqdn_sender,
reject_unauthenticated_sender_login_mismatch, reject_unknown_sender_domain

smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination

I have one bounce in there now, and postqueue -p tells me that connect
to mailno.opens.com network is unreachable.

Any ideas?


This sounds as if you have undeliverable bounces (which happen 
to be spam) in your queue.


So why are you bouncing mail at all?  Don't do that.

Please give us more details
http://www.postfix.org/DEBUG_README.html#mail

--
Noel Jones

Re: Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread Sahil Tandon 
David Cottle wrote:

> I cant seem to stop these spam bounce emails.

What spam bounce emails?

> I have one bounce in there now, and postqueue -p tells me that connect
> to mailno.opens.com network is unreachable.
> 
> Any ideas?

You need to fully explain the problem.  To get the most out of this mailing
list, read http://www.postfix.org/DEBUG_README.html#mail before posting
again.

-- 
Sahil Tandon

Re: Adding a table to proxy_read_maps...

2009-01-11 Thread Wietse Venema 
Charles Marcus:
> First question... is there a reason that none of the *_limit_maps are
> included in proxy_read_maps by default? I.e., maybe doing this is not
> recommended?

There are no _limit_maps parameters in Postfix. Someone must have
introduced these with a patch, and botched the job by not adding
his parameters to the default proxy_read_maps setting.

Wietse

Can't stop UNDELIVERED MAIL RETURNED TO SENDER emails

2009-01-11 Thread David Cottle 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I cant seem to stop these spam bounce emails.

smtpd_sender_restrictions = check_sender_access
hash:/var/spool/postfix/plesk/blacklists, reject_non_fqdn_sender,
reject_unauthenticated_sender_login_mismatch, reject_unknown_sender_domain

smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination

I have one bounce in there now, and postqueue -p tells me that connect
to mailno.opens.com network is unreachable.

Any ideas?

Thanks!
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklqdgkACgkQi1lOcz5YUMgi7QCeJe0oYpwJzsYf+E+NRBOuQIIS
EjgAnj06FCeOlulPyylsuA63MQVgzOiW
=Z/wX
-END PGP SIGNATURE-

begin:vcard
fn:David Cottle
n:Cottle;David
email;internet:webmas...@aus-city.com
title:Webmaster
version:2.1
end:vcard

Re: Is it possible to run 2 or more Postfix instances on a single machine?

2009-01-11 Thread Wietse Venema 
Jet Wilda:
> Hi,
> 
> Is it possible to run 2 or more postfix instances on a single machine?
> If so what steps are necessary to make it work?  Thanks in advance for any
> and all help.

You need a new config_directory, and it needs a main.cf and master.cf
file The main.cf file specifies a mail_queue_directory and
data_directory that aren't shared with other Postfix instances.

Both the default main.cf and the new one need to specify
inet_interfaces settings that do not conflict with each other.

Then you need to list the non-default config_directory in
the default main.cf under "alternate_config_directories".

Then it is a matter of

postfix -c config_directory start
postfix -c config_directory stop

sendmail -C config_directory
mailq -C config_directory
newaliases -C config_directory

etc.  to talk to the new instance.

A first version of a multi-instance manager will likely become
available in the coming weeks.

Wietse

Is it possible to run 2 or more Postfix instances on a single machine?

2009-01-11 Thread Jet Wilda 
Hi,

Is it possible to run 2 or more postfix instances on a single machine?
If so what steps are necessary to make it work?  Thanks in advance for any
and all help.

Thanks,
~Jet

Re: Adding a table to proxy_read_maps...

2009-01-11 Thread mouss 
Charles Marcus a écrit :
> On 1/11/2009, Victor Duchovni (victor.ducho...@morganstanley.com) wrote:
>>> First question... is there a reason that none of the *_limit_maps are
>>> included in proxy_read_maps by default? I.e., maybe doing this is not
>>> recommended?
> 
>> Ask the maintainers of the unofficial VDA quota patch.
> 
> I didn't know I was using that patch, but considering your reply,
> apparently the *_limit_maps are a sure sign of it? I'm on gentoo, and
> have the vda USE flag explicitly DISABLED...
> 
> Hmmm... closer examination shows that I am not actually using this patch
> OR table, since it (the Table) doesn't show up in postconf -n output,
> even though it is specified in main.cf. 

so you probably don't use the patch. you can convince yourself using:

# postconf -d|grep limit_maps

(it should return nothing).

More generally,
to see whether a parameter foo_bar_mumble is a postfix parameter, run
# postconf foo_bar_mumble

if it's not a postfix parameter, you get:
postconf: warning: foo_bar_mumble: unknown parameter


> This system was originally set
> up by someone else, so they must have set this, and I just never noticed
> it, since I have not actually implemented quotas yet - although I've
> been toying with the idea, which is why I had not commented out those
> lines in main.cf...
> 

better remove them.


> I've been planning on switching this installation over to dovecot soon
> anyway for POP/IMAP access, so will just use the dovecot LDA and quota
> plug-in if/when I decide to implement quotas...
> 
>> There is as-yet no support for "+=" in main.cf parameter settings.
> 
> Ok, thanks for the confirmation...
>

Re: Adding a table to proxy_read_maps...

2009-01-11 Thread Charles Marcus 
On 1/11/2009, Victor Duchovni (victor.ducho...@morganstanley.com) wrote:
>> First question... is there a reason that none of the *_limit_maps are
>> included in proxy_read_maps by default? I.e., maybe doing this is not
>> recommended?

> Ask the maintainers of the unofficial VDA quota patch.

I didn't know I was using that patch, but considering your reply,
apparently the *_limit_maps are a sure sign of it? I'm on gentoo, and
have the vda USE flag explicitly DISABLED...

Hmmm... closer examination shows that I am not actually using this patch
OR table, since it (the Table) doesn't show up in postconf -n output,
even though it is specified in main.cf. This system was originally set
up by someone else, so they must have set this, and I just never noticed
it, since I have not actually implemented quotas yet - although I've
been toying with the idea, which is why I had not commented out those
lines in main.cf...

I've been planning on switching this installation over to dovecot soon
anyway for POP/IMAP access, so will just use the dovecot LDA and quota
plug-in if/when I decide to implement quotas...

> There is as-yet no support for "+=" in main.cf parameter settings.

Ok, thanks for the confirmation...

-- 

Best regards,

Charles

Re: Adding a table to proxy_read_maps...

2009-01-11 Thread Victor Duchovni 
On Sun, Jan 11, 2009 at 02:48:39PM -0500, Charles Marcus wrote:

> First question... is there a reason that none of the *_limit_maps are
> included in proxy_read_maps by default? I.e., maybe doing this is not
> recommended?

Ask the maintainers of the unofficial VDA quota patch.

> Otherwise... is there a simple way to simply *append* the desired
> table(s) to the defaults? Or do I have to add a custom proxy_read_maps =
> line in main.cf and repeat all of the defaults, adding the desired table(s)?

No, you have to list the default values and then your custom additions.
There is as-yet no support for "+=" in main.cf parameter settings.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Adding a table to proxy_read_maps...

2009-01-11 Thread Charles Marcus 
Hello,

I want to convert my table lookups to use the proxymap service, but have
a question...

The docs for proxy_read_maps states:

"proxy_read_maps (default: see "postconf -d" output)

The lookup tables that the proxymap(8) server is allowed to access
for the read-only service. Table references that don't begin with proxy:
are ignored.

This feature is available in Postfix 2.0 and later."

But it doesn't say anything explicitly about *how* to add a map to this
list.

I am referencing virtual_mailbox_limit_maps but this table is not
showing in the proxy_read_maps table:

myhost ~ # postconf -d | grep proxy_read_maps
proxy_read_maps =
$local_recipient_maps
$mydestination
$virtual_alias_maps
$virtual_alias_domains
$virtual_mailbox_maps
$virtual_mailbox_domains
$relay_recipient_maps
$relay_domains
$canonical_maps
$sender_canonical_maps
$recipient_canonical_maps
$relocated_maps
$transport_maps
$mynetworks
$sender_bcc_maps
$recipient_bcc_maps
$smtp_generic_maps
$lmtp_generic_maps
myhost ~ #

First question... is there a reason that none of the *_limit_maps are
included in proxy_read_maps by default? I.e., maybe doing this is not
recommended?

Otherwise... is there a simple way to simply *append* the desired
table(s) to the defaults? Or do I have to add a custom proxy_read_maps =
line in main.cf and repeat all of the defaults, adding the desired table(s)?

Thanks,

-- 

Best regards,

Charles

Re: fatal: open file trace :Permission denied

2009-01-11 Thread Wietse Venema 
N. Yaakov Ziskind:
> Wietse Venema wrote (on Wed, Jan 07, 2009 at 09:03:42PM -0500):
> > I'd say, run "postfix set-permissions" and if that does not
> > do the job, kill off or update SELINUX, APPARMOR, etc.
> > 
> > Wietse
> 
> # postfix/postfix-script: fatal: usage: postfix start (or stop, reload,
> abort, flush, or check)
> 
> a little digging convinced me that you meant:
> 
> # /etc/postfix/post-install set-permissions

The command "postfix set-permissions" is available since Postfix
2.1 which was released in April 2004.

Before Postfix version 2.3, the trace service was used only to
report results for "sendmail -v" and "sendmail -bv". Postfix version
2.3 and later also use the trace service for RFC 3462 "success"
delivery status notifications.

> but that gave a string of (I think) meaningless errors - fix one, another
> pops up, etc. (Now I'm up to "chown: cannot access
> `/usr/share/man/man1/mailq.postfix.1.bz2': No such file or directory")

Your Postfix installation is badly inconsistent. All warranties
are void at this point.

> SELINUX is not installed, and APPARMOR is in complain mode.

It does not matter. You need to first fix the inconsistencies.

Wietse

Re: fatal: open file trace :Permission denied

2009-01-11 Thread N. Yaakov Ziskind 
Wietse Venema wrote (on Sun, Jan 11, 2009 at 09:04:04AM -0500):
> N. Yaakov Ziskind:
> >  In:  DATA
> >  Out: 354 End data with .
> >  Out: 451 4.3.0 Error: queue file write error
> > 
> > puzzling.
> 
> The actual problem is logged in the MAILLOG file. Postfix does
> not divulge internal problem details to SMTP clients.
> 
>   Wietse

Correct. I had posted the log errors in the first message in this
thread. They got snipped, so I'll repost them:

Jan  8 19:31:33 geulah postfix/bounce[10466]: fatal: open file trace 
AFD43439E2: Permission denied
Jan  8 19:31:34 geulah postfix/cleanup[10454]: warning: AFD43439E2: trace 
service failure
Jan  8 19:31:34 geulah postfix/cleanup[10454]: warning: AFD43439E2: trace 
logfile update error
Jan  8 19:31:34 geulah postfix/master[9437]: warning: process 
/usr/lib/postfix/bounce pid 10466 exit status 1
Jan  8 19:31:34 geulah postfix/master[9437]: warning: /usr/lib/postfix/bounce: 
bad command startup -- throttling

and then a double bounce error messsages is generated.

-- 
_
Nachman Yaakov Ziskind, FSPA, LLM   aw...@ziskind.us
Attorney and Counselor-at-Law   http://ziskind.us
Economic Group Pension Services http://egps.com
Actuaries and Employee Benefit Consultants

Re: fatal: open file trace :Permission denied

2009-01-11 Thread Wietse Venema 
N. Yaakov Ziskind:
>  In:  DATA
>  Out: 354 End data with   .
>  Out: 451 4.3.0 Error: queue file write error
> 
> puzzling.

The actual problem is logged in the MAILLOG file. Postfix does
not divulge internal problem details to SMTP clients.

Wietse

Question on allowing a specific server to send mail

2009-01-11 Thread David Cottle 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

I have hardened by main.cf file to stop backscatter.


smtpd_sender_restrictions = check_sender_access
hash:/var/spool/postfix/plesk/blacklists, reject_non_fqdn_sender,
reject_unauthenticated_sender_login_mismatch, reject_unknown_sender_domain

and

smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unlisted_recipient, reject_unverified_recipient


I have a local server here that sends denyhost reports to my mail
server across the LAN directly.  Since I did this its not getting
reports anymore.  I think most likely to 'reject_non_fqdn_sender',
'reject_unknown_sender_domain'.  Is there a way I can specify my own
internal name (I have my own internal DNS) I gave the server to
'force' it to accept emails from this server.

Any ideas?

Thanks!
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklp2EUACgkQi1lOcz5YUMjGGACg9u3CvU94fQYCnJEwuCtTceUw
uRsAoJ/0phxeBPwRv6jZRV+QQpx0bHG5
=0qij
-END PGP SIGNATURE-
begin:vcard
fn:David Cottle
n:Cottle;David
email;internet:webmas...@aus-city.com
title:Webmaster
version:2.1
end:vcard

Re: Question on allowing a specific server to send mail

2009-01-11 Thread mouss 
David Cottle a écrit :
> I have hardened by main.cf file:
> 
> smtpd_sender_restrictions = check_sender_access
> hash:/var/spool/postfix/plesk/blacklists, 

don't put your maps inside the queue directory. There are a lot of
better places.

> reject_non_fqdn_sender,
> reject_unauthenticated_sender_login_mismatch, reject_unknown_sender_domain
> 
> and
> 
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> reject_non_fqdn_recipient, reject_unknown_recipient_domain,
> reject_unlisted_recipient, reject_unverified_recipient
> 
> 
> I have a local server here that sends denyhost reports to my mail
> server across the LAN directly.  Since I did this its not getting
> reports anymore.  I think most likely to 'reject_non_fqdn_sender',
> 'reject_unknown_sender_domain'.  Is there a way I can specify my own
> internal name (I have my own internal DNS) I gave the server to
> 'force' it to accept emails from this server.
> 

put permit_mynetworks at the beginning of your smtpd_sender_restrictions.

alternatively, put your smtpd_sender_restrictions checks in
smtpd_recipient_restrictions, after reject_unauth_destinaion.

> Any ideas?
> 
> Thanks!

Re: Question on allowing a specific server to send mail

2009-01-11 Thread Magnus Bäck 
On Sunday, January 11, 2009 at 12:17 CET,
 David Cottle  wrote:

> I have hardened by main.cf file:
> 
> smtpd_sender_restrictions = check_sender_access
> hash:/var/spool/postfix/plesk/blacklists, reject_non_fqdn_sender,
> reject_unauthenticated_sender_login_mismatch, reject_unknown_sender_domain
> 
> and
> 
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> reject_non_fqdn_recipient, reject_unknown_recipient_domain,
> reject_unlisted_recipient, reject_unverified_recipient
> 
> I have a local server here that sends denyhost reports to my mail
> server across the LAN directly.  Since I did this its not getting
> reports anymore.  I think most likely to 'reject_non_fqdn_sender',
> 'reject_unknown_sender_domain'.  Is there a way I can specify my own
> internal name (I have my own internal DNS) I gave the server to
> 'force' it to accept emails from this server.

You *think* it's reject_non_fqdn_sender or reject_unknown_sender_domain?
The logs will tell you why messages are being rejected.

If it's indeed one of these two restrictions and the sending server is
listed in permit_mynetworks you could do this:

smtpd_sender_restrictions =
check_sender_access hash:/var/spool/postfix/plesk/blacklists,
reject_unauthenticated_sender_login_mismatch,
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain

-- 
Magnus Bäck
mag...@dsek.lth.se

Question on allowing a specific server to send mail

2009-01-11 Thread David Cottle 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I have hardened by main.cf file:

smtpd_sender_restrictions = check_sender_access
hash:/var/spool/postfix/plesk/blacklists, reject_non_fqdn_sender,
reject_unauthenticated_sender_login_mismatch, reject_unknown_sender_domain

and

smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unlisted_recipient, reject_unverified_recipient


I have a local server here that sends denyhost reports to my mail
server across the LAN directly.  Since I did this its not getting
reports anymore.  I think most likely to 'reject_non_fqdn_sender',
'reject_unknown_sender_domain'.  Is there a way I can specify my own
internal name (I have my own internal DNS) I gave the server to
'force' it to accept emails from this server.

Any ideas?

Thanks!
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklp1S4ACgkQi1lOcz5YUMjDfACgxZRb7Qr9X3aapbcJqAXqufF/
vHkAoIf44j5k3ODF2fTpAGW0RsAIXN5J
=NN1x
-END PGP SIGNATURE-

begin:vcard
fn:David Cottle
n:Cottle;David
email;internet:webmas...@aus-city.com
title:Webmaster
version:2.1
end:vcard